This week’s Top Story is a spear phishing tale that targeted a small town’s Business Rotary Club members. Spear phishing is a very targeted form of phishing fraud. It requires the criminals to research a company, non-profit or organization online first. With enough information, the cybercriminals impersonate key people in the organization to trick those who control the flow of money into transferring funds to accounts the criminals control. The Rotary Club has given us permission to tell their tale, but we’ve removed their email addresses and full names to protect their identities. Gail is the President of the Rotary Club. This story began with a short email from Gail to Carl at 10:09 am on a Monday…
To which Carl simply responded with a “no.”
Except that “Gail” was not contacting Carl through her regular email account. The email carried Gail’s name as the sender, but the address behind it was “presidentceo098” @ protonmail.com. Proton Mail is a free, encrypted email service based in Switzerland, and anyone can open an account there under any display name. Now that “Gail” had Carl’s attention, “she” followed up a few hours later to ask that he transfer some funds to pay for administrative expenses.
Understandably, Carl was a bit suspicious about the request and the vague “administrative expense,” so he asked for clarification. “Gail” responded that it was for “a community development program in the area,” which might sound plausible since Rotary Clubs are well known for community development work. However, the “area” to which the payment was to be sent was nowhere near the club’s own community!
The scammer, pretending to be Gail, asked for a wire transfer to a person identified as Deborah Tillery, from 97 summit Avenue, Newark NJ 07712. Carl’s suspicions were strong enough that he contacted the Board of Directors to ask about the payment request. It was then obvious to everyone that “Gail’s” email address was not legitimate, and they ended communication with the scammer. So what did this cybercriminal do after realizing that his plot had failed? He contacted at least one other member of this Rotary Club the next day! This time he used a Gmail address while still pretending to be the Club President!
Fortunately, the Board had notified its members and the local police about the attempted fraud. It turns out that this cybercriminal sent several emails from addresses at suddenlink.net, protonmail.com and gmail.com, none of them an account the real President had ever used. The lessons here are very clear:
- Look carefully at the sender’s actual email address, not just the name displayed next to it. Here the name said “Gail,” but the address was a free-mail account that had nothing to do with her or the club.
- Never move money to anyone, anywhere, on just the say-so of an email. Double-check over the phone or in person with the individual who is authorized to make the request, using a phone number you already have on file, not one supplied in the email itself.
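The first lesson, checking the real address behind a familiar name, is simple enough to automate for a small organization’s mailbox. The following is an added example written for this article; it is not code the Rotary Club or the newsletter author used. It assumes a constructed directory of officers and the placeholder domain rotary-example.org, and the sample headers are constructed for the example, reusing only the Proton Mail address quoted above. The Reply-To check goes a step beyond what this story describes: it catches the related trick where the From line looks right but answers are silently routed to the attacker.

```python
# Added example for this article (not code the Rotary Club or the author used):
# spot a "familiar name, unfamiliar address" sender, the trick described above.
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of officers: the display name members are used to seeing,
# mapped to the address that person really sends from. The domain
# rotary-example.org is a placeholder, not the club's real domain.
OFFICERS = {
    "gail": "gail@rotary-example.org",
    "carl": "carl@rotary-example.org",
}


def normalize_name(display_name):
    """Lower-case and collapse whitespace so 'Gail ' and 'gail' compare equal."""
    return " ".join(display_name.lower().split())


def check_sender(raw_message):
    """Return a list of findings about the message's From/Reply-To headers.

    An empty list means nothing about the sender identity looked wrong.
    """
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    findings = []

    # The core check: the display name belongs to a known officer, but the
    # address is not the one that officer actually uses.
    expected = OFFICERS.get(normalize_name(display))
    if expected is not None and from_addr != expected:
        findings.append(
            f"display name {display!r} belongs to {expected} "
            f"but this message came from {from_addr or '<no address>'}"
        )

    # Generalization beyond the article: a legitimate-looking From with a
    # Reply-To that redirects answers to the attacker is another common BEC shape.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != from_addr:
        findings.append(f"replies would go to {reply_to}, not to {from_addr}")

    return findings


# Constructed sample headers. The protonmail address is the one quoted in the
# article; everything else is made up for the example.
LEGIT = (
    "From: Gail <gail@rotary-example.org>\n"
    "To: Carl <carl@rotary-example.org>\n"
    "Subject: quick question\n\n"
    "Carl, are you at your desk?\n"
)
LOOKALIKE = (
    "From: Gail <presidentceo098@protonmail.com>\n"
    "To: Carl <carl@rotary-example.org>\n"
    "Subject: Re: quick question\n\n"
    "Please wire the funds for the community development program today.\n"
)
REDIRECTED = (
    "From: Gail <gail@rotary-example.org>\n"
    "Reply-To: presidentceo098@protonmail.com\n"
    "To: Carl <carl@rotary-example.org>\n"
    "Subject: administrative expense\n\n"
    "Confirm by replying to this email.\n"
)

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("lookalike", LOOKALIKE), ("redirected", REDIRECTED)]:
        print(label, check_sender(raw) or ["no sender findings"])
```

The check deliberately stays quiet about external senders whose names are not in the directory; the goal is to catch a known officer’s name attached to a stranger’s address, which is exactly what happened here, without flagging every vendor or member who writes in from their own account.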
As the former President of this Rotary Club has described this fraud… “This is, unfortunately, a very classic pattern of a wire transfer scam that has been making its rounds. The scam artists use the organization information that is publicly available on an organization’s website to then spoof an email from the president to the treasurer (or to the accounting manager in case of a commercial entity) to issue an urgent wire transfer.”